Report: Merchants Race To Outpace Online Fraudsters

More than US$700 million in online sales was lost tofraud in 2001, according to a report released Mondayby GartnerG2.

Last year’s online fraud losses represented 1.14 percent of total annual online sales of $61.8 billion, the report stated. Those losses were 19 times higher than fraud losses resulting from offline sales.

“Fraudsters are getting more sophisticated and moreactive, but merchants are also getting moresophisticated in fighting fraud,” GartnerG2 senioranalyst Kenneth Kerr told the E-Commerce Times.”Merchants that are doing nothing are in trouble.”

All told, the battle against online fraud is gainingsteam as consumers begin to embrace newcredit card protection systems from Visa and MasterCard.

Safety Numbers

In 2001, 5.2 percent of U.S. online consumers werevictimized by credit card fraud and 1.9 percent werevictimized by identity theft, according to GartnerG2.

To protect themselves, more than 18 percent of onlineconsumers are turning to Visa’s Verifiedby Visa program and MasterCard’s UniversalCardholder Authentication Field (UCAF) standardand Secure Payment Application (SPA).

These new security initiatives rely on passwords toauthenticate cardholders during online transactions.

“After years of missteps, the credit card companieshave finally got it right with their consumerauthentication technology,” GartnerG2 vicepresident and research director Avivah Litan said.”Consumers are willing to adopt the easy-to-usepassword-based applications.”

Up for Adoption

So far, Visa is outpacing MasterCard in rolling out itssecurity system. Kerr estimated that Visa willsign up the top 50 U.S. retailers asVerified by Visa participants by the end of 2002.

“Consumers want to know their online purchases aresecure, and getting that security should not be aninconvenience,” said Todd Penner, online marketingdirector of Dell’s Consumer Group (Nasdaq: DELL) and aVerified by Visa participant. “Greater consumerconfidence in e-commerce ultimately means increasedonline sales.”

But to accelerate the merchant adoption rate,GartnerG2 suggested that both Visa and MasterCardshould lower merchants’ transaction fees.

As preliminary adoption incentives, the two creditcard companies have said they plan to make issuers, rather thanmerchants, liable for transactions.

U.S. merchants, however, will continue to pay higherfees for Internet transactions, which averageapproximately 2.5 percent versus 1.5 percent forin-store sales.

Miles To Go

While analysts view password-based security systems ascritical advances in the anti-fraud campaign, completeexpulsion of such crime is still years away.

“Credit card passwords will not wipe out fraud as weknow it until they become the required method ofonline commerce,” Kerr said. “Right now, consumers areprotected only at sites that accept passwords.”

Since adjusting online payment systems to acceptpasswords initially will prove too costly for somesmaller retailers, opportunistic criminals will stillferret out the loopholes, Kerr added.

Trusted Names

Password-based security systems garnered far moreconsumer support than more complex systems, such aspublic key infrastructure (PKI), smart cards anddisposable card numbers, Litan said.

“Most consumers are unwilling to take the extra stepsrequired to use PKI,” she added, citing the failure ofthe MasterCard/Visa-sponsored, PKI-based SecureElectronic Transactions standard.

What is more, consumers believe the password-basedVisa and MasterCard systems offer better protectionthan PKI or smart cards, said Litan. This erroneous belief shows thatbranding may be more important than technically robust security schemes.